Whether you work for a big enterprise or small business, you have people that look after your IT and cybersecurity needs. They have it covered, that's not your responsibility or even something you understand. Cybersecurity is that weird black magic that hackers on both sides (good and evil) do in a strange and fantastical battle for your company's networks. It is like a game of strategy between medieval knights, with epic battles that are waged over the digital battlefields with blood and gore in the form of computer systems. Data is being captured, apps lost and no clear winner for anyone to see. One false move on either side could see the other take the upper hand. The battle can't be won by lone knights, this is much bigger than that it will take an army of loyal foot soldiers, squires, maidens, accountants, receptionists and sales staff.
Cybersecurity is not some kind of black magic and there is no mythical battle for your computer systems by virtual knights per se. Cybersecurity is everyone's business. Yes, I do mean everyone. From the cleaners, to the accountants, to the temp workers that are only in twice a month. Everyone is responsible for cybersecurity. I don't mean that you all need to go out and get your staff configuring firewalls or advance endpoint solutions or even hunting threats on the dark web
The cyberwar is real and although it is not waged over that fantasy realm it is happening as we speak in real-time, possibly even on your systems whether you are aware of it or not. Yes, that’s right a malicious actor could already have you and your company in their sights. They are in the process of waging real digital war against you and you expect opponents of sometimes almost unlimited resources to be stopped by James or Jenny, your internal security person. You’re not serious right? One or even five people can not defend against all attacks on all angles at all times 24/7 365 days a year. That's just unrealistic and almost impossible. Should we just give up when a breach occurs? No, that's not the answer, the size of the security team your company has at its disposal is the answer.
Hang on didn’t I just say you only had James or Jenny to keep you secure, I did but that’s not where your security team should end. How many staff does your organisation have? 20, 50, 1000 or more? Why not deputise them all into your security team, bring everyone and I mean everyone into your army. Don't try to scare them into submission, that doesn't work. Empower them. Help them understand the threats in plain English or whatever language or jargon they understand best.
Look at the education process as a constant, not a one or two-time thing each year. Help your teams live and breathe security, help them to be more secure at home. Teach them best practises and also explain why they are best practices. You are possibly making their days harder; the process they have followed for 10 years you want them to do it differently. Staff will come together if they understand what is at risk, what we are all fighting for together. Give them a cause to stand up for and be a champion in their team.
Give your team a chance, help them understand what is happening, the personal and company benefits. If you can do it right and bring onboard the right people, you know the ones, the true leaders, not necessarily the managers (they still could be) but the staff who carry influence. Get them to buy in and your teams will join in (Build it and they will come – I know it's a sad pun from a Kevin Costner movie). You get where I am going with this though right?
Instead of having one or even five security staff protecting your company you could have 200 or 500 staff members fighting the cyberwar, being better security-conscious users, following best practise and helping raise the alarm for potential threats or incidents. I feel an army of foot soldiers and five knights could have a much better chance of surviving a battle or possibly even reign victorious if everyone comes together as one wall, one sword or one shield.
This battle can not be won standing alone, we need to stand tall and stand together.
As usual, tell me what you think, do you think this could work, are you doing this already, do you think I have finally lost the plot and should make my way to the funny farm? Let's start a conversation, really discuss this and make it happen. I know we can do it if we truly set our minds to it.
Till next time…